by brandur 3438 days ago
I can't recall all the exact details, but there is some validation logic in place along the lines of "if there's a wildcard domain installed then newly added subdomains must be on the same account as the wildcard's owner". You could give it a shot, but I don't think this attack would work.

(I used to help maintain the system responsible for this, but don't work there anymore.)

1 comments

This was probably 2012 or 2013. I'll try to find the write-up I sent them, but this check definitely did not exist then.

Edit: here's what we sent to Heroku: https://gist.github.com/bdittmer/6461b7a5093acd7d6263